diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2018-09-22 20:27:45 +0200 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-09-22 20:27:45 +0200 |
| commit | 655be0d24df4f8a2dc1368b307863312bd6be81d (patch) | |
| tree | b610d372e5fa41b4b0752173cb29672f3f2914c7 | |
| parent | Use median instead of mean (diff) | |
| download | kbench9000-655be0d24df4f8a2dc1368b307863312bd6be81d.tar.xz kbench9000-655be0d24df4f8a2dc1368b307863312bd6be81d.zip | |
Work around m68k compiler bug with stack frame
| -rw-r--r-- | curve25519-fiat32.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/curve25519-fiat32.c b/curve25519-fiat32.c index 6d9ee7d..69e230e 100644 --- a/curve25519-fiat32.c +++ b/curve25519-fiat32.c @@ -755,8 +755,8 @@ static __always_inline void fe_mul121666(fe *h, const fe_loose *f) bool curve25519_fiat32(u8 out[CURVE25519_POINT_SIZE], const u8 scalar[CURVE25519_POINT_SIZE], const u8 point[CURVE25519_POINT_SIZE]) { - fe x1, x2, z2, x3, z3, tmp0, tmp1; - fe_loose x2l, z2l, x3l, tmp0l, tmp1l; + fe x1, x2, z2, x3, z3; + fe_loose x2l, z2l, x3l; unsigned swap = 0; int pos; u8 e[32]; @@ -789,6 +789,8 @@ bool curve25519_fiat32(u8 out[CURVE25519_POINT_SIZE], const u8 scalar[CURVE25519 fe_1(&z3); for (pos = 254; pos >= 0; --pos) { + fe tmp0, tmp1; + fe_loose tmp0l, tmp1l; /* loop invariant as of right before the test, for the case where x1 != 0: * pos >= -1; if z2 = 0 then x2 is nonzero; if z3 = 0 then x3 is nonzero * let r := e >> (pos+1) in the following equalities of projective points: |